Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Reopen Google Wi-Fi Investigation, Say Lawmakers

Two Congressmen call on the Department of Justice to investigate whether Google's wardriving practices violate wiretapping laws.

Google Drive: 10 Alternatives To See
Google Drive: 10 Alternatives To See
(click image for larger view and for slideshow)
Two U.S. Congressmen have called on the Department of Justice to reopen its investigation into Google, after revelations that the company's Street View vehicles recorded large amounts of unencrypted Wi-Fi data. Although Google had maintained that the data collection was accidental, last month a new report revealed that the data collection was, in fact, by design.

"In light of this, we are writing to request that the Department [of Justice] evaluate ... whether it would be appropriate to re-open its investigation to assess whether Google's conduct may in fact have violated the law," wrote Frank Pallone Jr. (D-NJ) and John Barrow (D-Ga.) Thursday in a letter to Attorney General Eric Holder. "By ensuring that this matter is investigated to the fullest extent, we can understand what happened and how it can be prevented from ever happening again."

Google has long maintained that although the data collection might have been inappropriate, it wasn't illegal. "We have always been clear that the leaders of this project did not want or intend to use this payload data. Indeed Google never used it in any of our products or services," a Google spokesman said via email. "Both the DoJ and the FCC have looked into this closely--including reviewing the internal correspondence--and both found no violation of law."

[ Read Google Wardriving: How Engineering Trumped Privacy. ]

The Federal Trade Commission in October 2010 also declined to fine Google following its Street View investigation, although the FTC received assurances from Google that it would delete all inadvertently collected Wi-Fi payload data. Google also said that it had already put new business processes in place to help prevent similar incidents from reoccurring. In May 2011, meanwhile, the Department of Justice declined to prosecute Google after investigating whether the company had violated the Wiretap Act.

Last month, however, the FCC released a report that included testimony from Google employees who had direct knowledge of the Street View program. Although Google had long maintained--and executives might have believed--that the Wi-Fi data collection was accidental, the report disclosed that "the data collection resulted from a deliberate software design decision by one of the Google employees working on the Street View project," and was detailed in a design document approved by managers.

In other words, Google actively engaged in wardriving, which is the practice of driving around and looking for accessible wireless networks or wireless data traffic, then sniffing and storing the data they're sending and receiving. But it's not clear whether this practice would have violated any U.S. laws.

In the wake of the report, European investigators are reportedly considering reopening their Google Street View investigations. Notably, although Canada and multiple European countries found that Google had violated their privacy laws, they let the matter rest after Google agreed to delete collected data and revise its privacy practices. France, meanwhile, also hit Google with a record privacy fine.

The FCC also fined Google $25,000 for having obstructed its investigation, but not for violating communications, wiretapping, or any other U.S. laws or regulations. Still, according to the FCC's report, "significant factual questions" remained unanswered, owing to the engineer who added the war-driving capabilities to Street View having "invoked his Fifth Amendment right against self-incrimination and declined to testify."

Might Google be called on to now answer those factual questions?

Mobile Connect addresses the strategic direction that will define enterprise IT for the next decade--building and managing information systems that run on a mobile platform. Mobile Connect will bring together enterprise mobility thought leaders to discuss the innovations in mobile, and how forward-thinking companies are getting the technology to work for them, providing unprecedented business value. It happens in Boston, June 18-20. Register today.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Number 6
Number 6,
User Rank: Apprentice
5/29/2012 | 8:16:29 PM
re: Reopen Google Wi-Fi Investigation, Say Lawmakers
They're just annoyed that a corporation is doing what they've already permitted the NSA to do.

All your data are belong to us.

Goes to show you that all it takes is for one worker-bee to screw up.
User Rank: Apprentice
5/25/2012 | 11:29:53 PM
re: Reopen Google Wi-Fi Investigation, Say Lawmakers
"If you can't work out a backroom deal" sounds like the standard methods used in Greece, Italy, and a few other mediterranean bordering countries. Is their economic state of affairs what you would propose we use as a model of excellence? The point is not the unencrypted data as much as it is the active harvesting of that information and undisclosed use. Until next to the WiFi enabled signs there is a disclosure that reminds people they are using unsecured networks, I'm assuming that most individuals are not aware/uninformed which is separate and distinct from the majority which read and post comments to InformationWeek articles.
retired, not
retired, not,
User Rank: Apprentice
5/25/2012 | 5:35:58 PM
re: Reopen Google Wi-Fi Investigation, Say Lawmakers
"unencrypted Wi-Fi data" Say it with me "UN EN CRYPTED WI FI DATA". Doesn't the DOJ have more important things to do like go after online poker players? Congress has MUCH more important issues to deal with, as does the DOJ. If networks choose (or are too stupid not to) run their nets PUBLICLY - then so be it - the info is available to ANYONE that cares to let their computer connect to random networks.
User Rank: Apprentice
5/25/2012 | 4:23:22 PM
re: Reopen Google Wi-Fi Investigation, Say Lawmakers
Hey Congress, are you just wanna be Europeans. How about supporting American companies instead of jumping on the bandwagon. This is another one for the "If I wanted to destroy America" series. If you can't work out a backroom deal with an American corporation, then you don't deserve to be in office. And, oh yeah Pallone, I live in N.J. Want to bet which way I'll be voting the next time you run for office? I think all elected officials should be under constant investigation because when the spot light is focused, many of them are revealed as self-serving hypocrites if not criminals.
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This gives a new meaning to blind leading the blind.
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-16
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS A...
PUBLISHED: 2021-06-16
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.
PUBLISHED: 2021-06-16
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link vers...
PUBLISHED: 2021-06-16
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. ...
PUBLISHED: 2021-06-16
tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature that has a SHA-5...